Skip to main content
Skip table of contents

Adding a new External Service Integration

Perform the following steps in order to fully add in a new external service integration:

  1. Establish connectivity

  2. Forward Proxy

  3. SSL Keys ( roles and meta additions )

  4. Security Group / ELB config

  5. Rails config

Establish connectivity

From a fwdproxy instance on a given environment, try to reach the new service via whatever endpoint you have with curl. Anything over port 443 should work, but alternate ports need an ESECC request.

Forward Proxy

Once you have verified connectivity, add entries to the forward proxy deployments: ansible/deployment/config/fwdproxy/<env> 

SSL Keys

Many backend VA services require the use of a client SSL certificate and key for authentication. Securely generate a private key and certificate using the instructions at: Venafi: Create and download TLS certificates. (Note: Those instructions are for Platform engineers, specifically.) Add the cert as a Jinja2 template to ansible/deployment/config/fwdproxy/, and add the private key to AWS Parameter Store with a name like /devops/certificates/<service>.key .

NOTE: Currently, we don't impose CN restrictions on the SSL certs for new External Service Integration

Security Group / ELB config

Validate the the ports assigned for the forward proxy are listed in the listener_ports variable in terraform/environments/<env>/main.tf. The port should match what is in the Forward Proxy config above.

Rails Config

Add in the require host redirects in ansible/deployment/config/vets-api/ <env>-settings.local.yml.j2

Prometheus has been replaced by Datadog.
Here is some information about getting started with Datadog:


JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.